08 April 2020

Cybersecurity: COVID-19 and Telework, in VidaEconómica

Vida Económica - Does the widespread use of remote work create new needs for data protection for organizations?

Bruno Rodrigues - Without a doubt. The pandemic spread at an unexpected pace in early January, so that nations were unable to prepare for the adversities we face today. With this evolution in the spread of Covid-19, remote work has also taken on unimaginable dimensions in recent weeks. There was, in fact, a race for teleworking solutions without these being able to be properly tested or integrated into the normal work processes of organizations, leading to systemic failures of privacy and security for organizations.

On the other hand, we have seen a global increase in global attacks against computer systems due to the overhead that they register - hackers know this and are clearly taking advantage of the current situation of lack of control.

This rush to telecommuting was, for the most part, reactive, which opened the door to a series of vulnerabilities that many organizations are not prepared to face or resolve in a short period of time.

VE - What are the biggest vulnerabilities in terms of cybersecurity?

BR - The biggest vulnerabilities in terms of cybersecurity are related to the “move” from the secure perimeter of organizations to our homes and the sudden increase in connections from devices outside the organization's control to the corporate network.

Due to this situation, questions arise such as: can I trust the devices that I now connect to? Is it really the user who is connecting? Is the information circulating securely and its confidentiality ensured? Once this change is already in place, what we advise is that organizations return to the basic security triangle - Confidentiality, Integrity and Availability - and look at their threats, controls and effectiveness in order to get a sense of how the cyber risk has changed with this new situation.

Noesis continues to operate 100%, with the ability to respond to security incidents, whether on the corporate network or on remote devices of our customers. All this with a 100% remote and dispersed team, but with the same ability to respond quickly and effectively.

VE - In order to increase safety, is training and awareness of users essential?

BR - The key to a secure organization is the preparation for responding to threats through security controls, which translates, for example, into technology, processes or training. So clearly this phase is not the best time for training or sensitizing users, as this should have been done calmly and thoughtfully in a period of ‘no’ crisis. On the other hand, with the extension of the need for telecworking, one can start to design this awareness. This depends on the organization and the infrastructure of each.

VE - What measures should SMEs adopt in this area?

BR - At this stage, we are advising SMEs to adopt a series of options cloud based that will allow to optimize and automate a series of processes, reducing the intervention of the teams in the implementation of secure teleworking solutions. We have been working closely with Microsoft for the past few weeks to adopt transversal security solutions based on Azure. It is the fastest and most efficient way that companies, especially SMEs, have to make their infrastructure secure, especially teleworking.

VE - How is Noesis contributing to the increase in cybersecurity?

BR - Since the beginning of the year, Noesis has designed a plan - unrelated to the emergency we are experiencing - with the objective of creating a cybersecurity area of European reference.
We have come to a vision based on the difficulty that Noesis, our partners and customers have in scaling up cybersecurity areas.

We concluded that the only way to win the war against the growing number of attacks that our Cyber Intelligence reported was: to automate as much as possible all the functions that professionals perform, whether defense or Red / Blue Team attack; analyze the information that results from this process automation; pass, whenever possible, this analysis to Artificial Intelligence or Machine Learning; analyze the information provided by Artificial Intelligence; automate new processes resulting from this analysis.

By doing this on an ongoing basis, we can scale up the human resources we have and introduce technology into the process, which makes organizations increasingly secure. As previously mentioned, our organization has had an excellent implementation of this vision for SMEs and large companies, based on Microsoft Azure solutions that share this vision.

On the other hand, in this context of enormous challenge, we are working closely with our technological partners, who are making their technologies available (often free of charge) to companies. We are assisting our customers in the process of implementing and using these technologies, seeking to ensure that organizations have the necessary support to ensure the continuity of their business and to safeguard the security of their systems and information.

*Published in VidaEconómica.

Cyber security, Remote Work